Patch Tuesday March 2021 Edition…Exchange Exploits Escalate

By Randy Becker, CISO & VP, Network and Security Consulting

As if the SolarWinds fiasco and the massive global on-premises Exchange Servers attack weren’t bad enough, here comes Microsoft Patch Tuesday for March 2021.

Microsoft Patch Tuesday announces 82 vulnerabilities, with 10 plus classified as critical, 1 zero-day exploit, and 72 as important. These have all been fixed in this month’s update courtesy of Microsoft. Of special note, these numbers do not include the 7 Microsoft Exchange and 33 Chromium Edge vulnerabilities already released.

If you have an on-premises Exchange Server, you must apply the updates from Microsoft immediately. You can find the installation instructions here. The Exchange Server team has also created a script to run a check for HAFNIUM IOCs. That script is available here.

Estimates of 30,000+ victims in the U.S. alone

While the Microsoft Security Response Center (MSRC) website has a thorough update guide on the 82 new vulnerabilities, the bigger problem right now is the alarming number of Microsoft on-premises Exchange Servers being compromised with “Web Shell” scripts. Once installed, these scripts provide a backdoor that gives threat actors full access to the impacted systems, remote control, the ability to read email, and the ability to move laterally within an environment with the potential to exploit other systems. There are estimates that this might exceed 30,000 victims in the U.S. and potentially hundreds of thousands worldwide.

What can you do right now to protect your organization?

So, what comes next? This is a very good question.

While we can only speculate, here are some thoughts based on previous experience. Security consulting organizations such as GreenPages have notified and assisted customers with getting Exchange Servers patched and determining if any systems have been compromised. I do, however, expect more ransomware, cyberespionage, and data exfiltration events to occur similar to what we have seen over the last year.

Simply put, the drumbeat is constant and the threats are real and dangerous; this is no time to be complacent. As we continue to field calls from organizations looking for assistance, it’s clear that even the smartest security teams need help to remain vigilant.

If you would like strategic direction to strengthen your security stance, reach out to your GreenPages Account Executive who can connect you with a Security Engineer or reach out to us!

Randy Becker

Randy is responsible for GreenPages’ overall cyber security strategy, including developing comprehensive policies and procedures to protect critical applications while ensuring business agility and velocity. With more than 30 years in the IT industry, Randy has strong expertise in cyber security and risk management; security operations and optimization; infrastructure modernization; and hybrid cloud architecture, design, and implementation. Randy is also a HITRUST Certified CSF Practitioner (CCSFP) which ensures clients have access to the highest level of expertise related to privacy, security, compliance, and risk management.